Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 13 |
1 files changed, 6 insertions, 7 deletions
@@ -7,7 +7,7 @@ SOC staff ever: Can we have lunch now? ## The elevator pitch -Your're working as a Security Operations Center engineer and your job +You're working as a Security Operations Center engineer and your job is to, one, know when any part of your infrastructure is vulnerable and, two, if it is, do something smart about it. @@ -41,8 +41,8 @@ the full text. ## How to test it out -The collector has been tested on Debian 10 (Buster). Other Unix -systems should also be capable of hosting it. +The collector has been tested on Debian 11 (Bullseye). Other Unix +systems should also be capable of running a collector. Clone the repository. @@ -50,8 +50,7 @@ Clone the repository. Install dependencies (Debian). - sudo apt install python3 python3-pip python3-leveldb - pip3 install falcon + sudo apt install docker.io docker-compose Start CouchDB and the collector. Make sure to give it a username and password: @@ -94,10 +93,10 @@ We might also filter the data: curl -s -u user1:pw1 http://localhost:80/sc/v0/get?port=111 | json_pp -json_opt utf8,pretty -Believe it or not, but we can also get a single observation by looking up its key: +Believe it or not, but we can also get a single observation by looking up its key (_id): curl -s -u user1:pw1 http://localhost:80/sc/v0/get/1633633714355 | json_pp -json_opt utf8,pretty We can also limit the number of results and skip N results forward with the parameters limit and skip: - curl -s -u user1:pw1 http://localhost:80/sc/v0/get?limit=5&skip=2 | json_pp -json_opt utf8,pretty + curl -s -u user1:pw1 'http://localhost:80/sc/v0/get?limit=5&skip=2' | json_pp -json_opt utf8,pretty |
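Review bot: in the third hunk (the "Install dependencies (Debian)" step) the new line `sudo apt install docker.io docker-compose` replaces the python3/pip3 install, but the unchanged context that follows ("Start CouchDB and the collector. Make sure to give it a username and password") still reads as if the collector is launched directly, so the README should now name the compose file and the command used to bring it up. It should also say that whoever runs that command needs access to the Docker daemon, which on Debian means root or membership of the `docker` group; that group is root-equivalent on the host, so state it plainly rather than leaving readers to add themselves to it casually. Dropping the unpinned `pip3 install falcon` from PyPI in favour of distribution packages is a good change and needs no further wording.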
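Review bot: the quoting change on the last line of the fourth hunk is the right fix: with the URL unquoted, the shell treats `&` as a command separator, backgrounds `curl ... get?limit=5` and runs `skip=2` as a variable assignment, so the `skip` parameter was never actually sent. The `?port=111` and `/get/1633633714355` examples in the same hunk contain no `&` and work unquoted, but quoting every URL in the README would keep a copy-pasted second parameter from reintroducing the bug. Separately, all three examples pass `-u user1:pw1` on the command line, where the password lands in shell history and is visible to other local users in the process list; a sentence pointing to `-u user1` (curl then prompts for the password) or to a `~/.netrc` entry with `--netrc` would be a worthwhile addition alongside the `(_id)` clarification.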